Révision 6 - Historique - Mentiodns - Aquilenet - L'atelier d'Aquilenet

Mentiodns » Historique » Révision 6

Révision 5 (sacha, 14/06/2018 22:38) → Révision 6/59 (sacha, 15/06/2018 00:38)

h1. Mentiodns 

 Validation des DNS à partir d'une liste sur un unbound et un DNS grand FAI et comparaison des résultats ;) 

 h2. Noeud actifs 

 |_. Nom |_. Bloc | 
 | Mezzanine | domain_names.com_sortedad | 
 | Millicent | domain_names.com_sortedab | 
 | Sacha | domain_names.com_sortedaa | 
 | Taziden | domain_names.com_sortedac | 

 h2. Mentio 

 <pre> 
 #-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+-# 
 #    MENTIODNS : Check for lying DNS (France)    # 
 #--------------------------------------------# 
 #    Version 1.2 - Round robin on DNS_ISP_LIST # 
 #                  For each request              # 
 #    Version 1.1 - Allow resume on basename      # 
 #    Version 1.0 - Parallel process with DIG     # 
 #--------------------------------------------# 
 # (c) Sacha at Aquilenet.fr part of FFDN.org # 
 #--------------------------------------------# 

 # This shity script intend to bruteforce the ISP lying DNS Servers to identify which one 
 # is going on Ministry of Interior Blocking page and compare the IP result from your favorite DNS server 
 # Use this script with the following paramters  
 # 1 - domain names file (file with list of domain names whithout the tld   
 # 2 - position number if it is not given the script will start at the begining 
 # If you relanch the script it will check if it has a counter for the given file to resume 
 # Blacklisted sites in $BLACKLIST_LOG file 
 # Diff ip from a domain name are in $DIFF_LOG  


 RED='\e[31m' 
 GREEN='\e[32m' 
 YELLOW='\e[33m' 
 NC='\033[0m' # No Color 

 DNS_SOURCE=$1 
 DNS_SOURCE_BASENAME=`basename $DNS_SOURCE` 
 tld="com" 
 HOMEDIR="/root/MENTIODNS" 
 DIFF_LOG="$HOMEDIR/DNS_DIFF" 
 BLACKLIST_LOG="$HOMEDIR/DNS_BLACKLISTED" 

 parallel=10 

 lines=`wc -l $DNS_SOURCE|awk -F " " '{print $1}'` 
 countfile="$HOMEDIR/DNS_Count-$DNS_SOURCE_BASENAME" 

 DNS_ISP_LIST="$HOMEDIR/check-DNS_ISP_LIST" 
 DNS_MY="10.11.12.254" 

 DIG_FAST="+timeout=1 +tries=2" 
 DIG_SLOW="+timeout=5 +tries=3 " 

 echo $DNS_ISP_LIST 
 cat $DNS_ISP_LIST 

 _check(){ 
 i=0 
 url="" 
 while [ $i -lt $parallel ] 
 do 
 n=`expr $count + $i` 
 ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` 
 url="$url @$ISP_DNS `awk -v n="${n}" 'NR==n {print;exit}' $DNS_SOURCE`.$tld" 
 i=`expr $i + 1` 
 done 
 } 

 #-------------------------------------- 
 if [ -z $2 ]; then 
         if [ -f $countfile ]; then 
         count=`cat $countfile` 
         else 
         count=0 
         echo $count > $countfile 
         fi 
 else count=$2 
 echo $count > $countfile 
 fi 
 #-------------------------------------- 

 while [ "$count" != "$lines" ]; do 
 echo $count > $countfile 
 _check 
 site="$url" 
 echo "-------------------------------------------------------------------------------" 
 echo "#$count `date +%Y%m%d-%H%M%S` SITE:$site" 
 nomentio=`dig +short @$DNS_MY $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
 mentio=`dig +short $DIG_SLOW $site|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
 if [ -n "$nomentio" ] && [ -n "$mentio" ]; then 
     if [ "$nomentio" != "$mentio" ]; then 
         for i in $site; do 
                 nomentio1=`dig +short $DIG_FAST @$DNS_MY $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
                 ISP_DNS=`cat $DNS_ISP_LIST | sort -R | head -n 1` 
                 mentio1=`dig +short $DIG_FAST @$ISP_DNS $i|sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4| tr '\r\n' ' '` 
                         if [ "$nomentio1" != "$mentio1" ]; then 
                                 if [ $mentio1 == "90.85.16.52" ]; then 
                                         echo -e "$RED! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1 $NC" 
                                         echo "! SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO:$mentio1" >> $BLACKLIST_LOG 
                                 else 
                                 echo -e "$YELLOW> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1 $NC" 
                                 echo "> SITE: $i ISPDNS:$ISP_DNS REAL:$nomentio1 MENTIO: $mentio1" >> $DIFF_LOG 
                                 fi 
                         fi 
         done 
     else 
     echo -e "$GREEN=#$count    SITE: $site    $NC" 
     fi 
 fi 
 #echo "0 SITE: $count PUB: $nomentio PRIV: $mentio" 

 count=`expr $count + $parallel` 

 done 

 </pre> 

 h2. Test (valide au 14/06/18) 

  dig +short shahamat1.com 
  90.85.16.52 

 khilafah.net 

 h2. Liste de serveurs DNS FAI Français 

 h3. Free 

 212.27.40.240 
 212.27.40.241 
 212.27.40.244 
 212.27.40.245 

 h3. Bouygues 

 194.158.122.10 
 194.158.122.15 

 h3. SFR/Numericable 

 89.2.0.1 
 89.2.0.2 

 h3. Orange 

 80.10.246.1 
 80.10.246.2 
 80.10.246.3 
 80.10.246.5 
 80.10.246.7 
 80.10.246.129 
 80.10.246.130 
 80.10.246.132 
 80.10.246.134 
 80.10.246.136 
 81.253.149.1 
 81.253.149.2 
 81.253.149.6 
 81.253.149.9 
 81.253.149.10 

 h3. OBS (ouverts) 

 194.2.0.20 
 194.2.0.50 

 h2. Vigies de la neutralité 

 https://ooni.torproject.org 
 https://respectmynet.eu

Projet

Général

Profil

Aquilenet

Mentiodns » Historique » Révision 6